After SCOM UR4 Update - Unix Agents are failing to Install

javad paasha 1 Reputation point
2022-08-12T10:11:24.097+00:00

Hi,

Since we updated SCOM 2019 to UR4 the UNIX agent installs stopped working. The error relates to the Sudoer file.

Someone has suggested tweaking the Sudoers regex to support the new agent version 1.6.10-1 since it’s the first version to include 2 digit numbers.

The new agent version is scx-1.6.10.1
The old agent version is scx-1.6.8.1
In the Sudoers file it has scx-1.[5-9].[0-9][0-9]-[0-9].sh.

Please could someone advise what the regex tweak is?

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,413 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Graham 176 Reputation points
    2022-08-12T11:29:21.277+00:00

    HI

    There is a discussion on Reddit about this issue which might help:

    https://www.reddit.com/r/scom/comments/wfdgfy/linux_agent_upgrade_issuefailing_to_discover/

    Do you have FIPS enabled?

    Is this RHEL 8 Linux servers?

    proulxbear has posted:

    • You need to change the installer script to ignore digest verification, but this is only an issue with rhel8 hosts.
    • Or turn off FIPS (if it is enabled on the RHEL servers)

    There is also a new set of Linux management packs due to the found vulnerability in the omi package:

    https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33640

    Cheers

    Graham

    0 comments No comments

  2. javad paasha 1 Reputation point
    2022-08-16T09:42:21.353+00:00

    Hi Graham,

    Thanks for the response.

    They are mainly RHEL 7.9 devices and FIPS is not enabled.

    After importing the latest UNIX Management pack in June, the Agent Push job from the SCOM console stopped working for a clean install. We were getting the below error:

    Failed to install kit. Exit code: 1
    Standard Output: Sudo path: /usr/bin/

    Standard Error: sudo: no tty present and no askpass program specified

    It only works when we manually deploy the old agent to the UNIX device. Then upgrade the agent from the SCOM console. However the new agent version shows in the SCOM console, but on the device it still has the old version.

    Looking at the error, it seems that it could be the sudoer file.

    0 comments No comments

  3. Mauricio Maranho 1 Reputation point
    2022-08-25T15:52:45.333+00:00

    In specific answer to your question, the regex is off:
    scx-1.6.10.1
    scx-1.[5-9].[0-9][0-9]-[0-9].sh.

    The '-' should be a '.'
    scx-1.[5-9].[0-9][0-9].[0-9].sh.

    If you're using Kevin Holman's sudoer's line, then adding that extra [0-9] (like you did), should work for the versioning.
    scxmaint ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-scxmaint/scx-1.[5-9].[0-9]-[0-9][0-9][0-9].universal[[:alpha:]].[[:digit:]].x[6-8][4-6].sh --install; EC=$?; cd /tmp; rm -rf /tmp/scx-scxmaint; exit $EC
    vs.
    scxmaint ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-scxmaint/scx-1.[5-9].[0-9][0-9]-[0-9][0-9][0-9].universal[[:alpha:]].[[:digit:]].x[6-8][4-6].sh --install; EC=$?; cd /tmp; rm -rf /tmp/scx-scxmaint; exit $EC

    0 comments No comments